"CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users"

CryptoClippy, a new malware capable of stealing cryptocurrency, is currently targeting Portuguese users as part of a malvertising campaign. The activity involves Search Engine Optimization (SEO) poisoning techniques to lure people searching for "WhatsApp web" to malicious domains, according to Palo Alto Networks Unit 42. CryptoClippy, an executable written in C, is a type of cryware called clipper malware that monitors a victim's clipboard for cryptocurrency addresses and replaces them with a wallet address under the control of the threat actor. According to Unit 42 researchers, the clipper malware uses regular expressions (regexes) to determine the type of cryptocurrency associated with an address. It then replaces the clipboard entry with a visually similar wallet address for the corresponding cryptocurrency that an attacker owns. When the victim pastes the address for a transaction, they send cryptocurrency directly to the threat actor. This article continues to discuss the researchers' findings and observations regarding CryptoClippy.
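A defender-side illustration of the substitution described above, added here and not taken from the article or from Unit 42: a paste-time check that classifies a value with regexes and flags a same-currency address that differs from what was copied, including the case where only the first and last characters agree. The address patterns, the four-character edge heuristic, the function names and the sample values are assumptions made for this example.

```python
import re

# Simplified address formats, assumed for illustration; the page does not
# list the malware's patterns or the currencies it covers.
PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

# Constructed sample values, not real wallets.
COPIED = "0x1a2b" + "0" * 32 + "c3d4"
SWAPPED = "0x1a2b" + "f" * 32 + "c3d4"   # same first and last characters


def classify(text):
    """Return the address type if the whole string is one address, else None."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None


def edges_match(a, b, n=4):
    """True if both ends agree: all a quick visual check compares (assumed heuristic)."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def check_paste(copied, pasted):
    """Compare the copied value with what arrives at paste time."""
    src, dst = copied.strip(), pasted.strip()
    kind_src, kind_dst = classify(src), classify(dst)
    if kind_dst is None:
        return "not-an-address"
    if kind_dst == "ethereum":          # hex is case-insensitive
        src, dst = src.lower(), dst.lower()
    if src == dst:
        return "match"
    if kind_src == kind_dst:            # same currency, different wallet
        return "substituted-lookalike" if edges_match(src, dst) else "substituted"
    return "different"


if __name__ == "__main__":
    print(check_paste(COPIED, SWAPPED))
```

A wallet or payment form that compares only the ends of an address would accept the swapped value; the full-string comparison is what catches it.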

THN reports "CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users"
